MTAT Applied Cryptography
|
|
- Liliana Harris
- 5 years ago
- Views:
Transcription
1 MTAT Applied Cryptography Smart Cards 2 University of Tartu Spring / 19
2 Security Model Parties involved in smart card based system: Cardholder Data owner Terminal Card issuer Card manufacturer Software manufacturer Smart card threat models: attacks by the terminal against the cardholder attacks by the cardholder against the terminal attacks by the cardholder against the data owner attacks by the cardholder against the issuer attacks by the cardholder against the software manufacturer attacks by the terminal owner against the issuer attacks by the issuer against the cardholder attacks by the (software)manufacturer against the data owner 2 / 19
3 Estonian ID card Used for: Protected RSA private key storage Perform on-card signing/decryption Authorize cryptographic operations (using PIN) Cardholder / Data owner / Terminal / Card issuer / Card manufacturer / Software manufacturer Attacks: by the terminal against the cardholder by the cardholder against the terminal by the cardholder against the data owner by the cardholder against the issuer by the issuer against the cardholder by the (software)manufacturer against the data owner 3 / 19
4 Mobile phones (SIM card) Used for: Store phone book contacts and SMS messages Store settings (operator information) Store 128-bit symmetric subscriber authentication key Perform RUN GSM ALGORITHM Authorize operations (using PIN) Mobile-ID Attacks: by the cardholder against the data owner by the terminal owner against the issuer by the issuer against the cardholder 4 / 19
5 Payments (EMV) EMV stands for Europay, MasterCard and Visa Used for: Store symmetric MAC key Authentication of credit card transactions (using PIN) Attacks: by the terminal against the cardholder by the cardholder against the data owner by the cardholder against the issuer by the terminal owner against the issuer by the issuer against the data owner 5 / 19
6 Other Payment Cards Used for: Store credit value Store account number Attacks: by the cardholder against the terminal by the cardholder against the data owner/issuer 6 / 19
7 Pay TV Used for: TV signal decryption Store channel filters Attacks: by the cardholder against the data owner/issuer by the terminal owner against the issuer 7 / 19
8 Tachograph Used for: Record driving activities Attacks: by the cardholder against the data owner/issuer by the terminal owner against the issuer 8 / 19
9 Attacks Against Smart Cards Side channel attacks: Timing analysis Power analysis EM signal analysis Introducing gliches, faults (voltage, clock rate) Induce bit errors Physical attacks: Chemical etching Chip re-wiring Addition of a track Cutting of a track Countermeasures Metal layers Onboard sensors (temp, light, frequency)... 9 / 19
10 Task 1 Implement utility that performs signing on ID card. $./esteid_sign.py somefile somefile.signature [+] Selected reader: Gemalto PC Twin Reader [+] EstEID v1.1 on MultiOS (DigiID) [=] Signing file somefile [+] Calculated SHA1 digest: e cd7f32184a22190ab c [+] Making DigestInfo object... [+] Sending DigestInfo to smart card for signing... [?] Enter PIN2: [+] Signature saved into somefile.signature $./esteid_getcert.py --cert sign --out sign.pem $ openssl x509 -in sign.pem -pubkey -noout > signpub.pem $ openssl dgst -verify signpub.pem -sha1 -signature somefile.signature somefile Verified OK $ openssl rsautl -certin -inkey sign.pem -in somefile.signature -verify -raw -hexdump ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff-ff ff ff ff ! b 0e a e ^ c d7 f a ab c Tui<..!..!..f.d, 10 / 19
11 Task 1: Signing (spec page 40) SELECT FILE MF/EEEE With MANAGE SECURITY ENVIRONMENT restore security environment #1 With VERIFY verify PIN2 Obtain PIN2 using python s raw input() PIN has to be sent as list of chars [ord(c) for c in pin2] Wrong PIN decreases PIN retry counter (!!!) Succesfully entered PIN resets retry counter If PIN blocks, it can be reset by using PUK (id.ee) If PUK blocks, PINs can be reset in bank or PBGB With PERFORM SECURITY OPERATION compute digital signature (spec page 131) 11 / 19
12 Task 2 Implement utility that performs decryption on ID card. $ echo -n "secret hello to you..." > plain.txt $ openssl rsautl -encrypt -certin -inkey sign.pem -in plain.txt -pkcs -out ciphertext $./esteid_decrypt.py ciphertext [+] Selected reader: Gemalto PC Twin Reader [+] EstEID v1.1 on MultiOS (DigiID) [?] Enter PIN2: [+] Decrypted text: secret hello to you... Decrypting (spec page 48): SELECT FILE MF/EEEE With MANAGE SECURITY ENVIRONMENT restore security environment #6 With MANAGE SECURITY ENVIRONMENT delete reference to auth and sign keys With MANAGE SECURITY ENVIRONMENT tell that we want to decrypt with sign key With VERIFY verify PIN2 With PERFORM SECURITY OPERATION decipher ciphertext (spec page 131) 12 / 19
13 APDU Command Chaining (spec page 115) If the data in APDU is larger than 255 bytes, data must be sent to the card in several blocks. Required for task 2 if your card has 2048-bit RSA keys (data will be 257 bytes (256 bytes ciphertext + 0x00 byte prefix)) Split the data in smaller blocks and send to the card using 0x10 CLA byte (except for the last block). 13 / 19
14 Bonus (+2 points) Provide utilities with --measure argument which measures the time needed to perform 100 operations: $./esteid_decrypt.py ciphertext --measure [+] Selected reader: Gemalto PC Twin Reader [+] EstEID v1.1 on MultiOS (DigiID) [+] Measuring the time required for 100 decryptions... [?] Enter PIN2: [+] Time: $./esteid_sign.py somefile somefile.signature --measure [+] Selected reader: Gemalto PC Twin Reader [+] EstEID v1.1 on MultiOS (DigiID) [=] Signing file somefile [+] Calculated SHA1 digest: e cd7f32184a22190ab c [+] Making DigestInfo object... [+] Measuring the time required for 100 signings... [+] Sending DigestInfo to smart card for signing... [?] Enter PIN2: [+] Time: / 19
15 Bonus (+2 points) Measurement loop must contain only minimum operations required The time can be measured using: import datetime s = datetime.datetime.now() print "[+] Time:", (datetime.datetime.now()-s).total_seconds() Run each experiment 3 times and provide min/max measurement output into esteid sign.out and esteid decrypt.out on your repository Give your educated guess why one operation is faster than the other 15 / 19
MTAT Applied Cryptography
MTAT.07.017 Applied Cryptography Smart Cards 2 University of Tartu Spring 2014 1 / 20 Security Model Parties involved in smart card based system: Cardholder Data owner Terminal Card issuer Card manufacturer
More informationMTAT Applied Cryptography
MTAT.07.017 Applied Cryptography Smart Cards (JavaCard) University of Tartu Spring 2018 1 / 22 Smart Card Security Model Parties involved in a smart card based system: Cardholder Data owner Terminal owner
More informationMTAT Applied Cryptography
MTAT.07.017 Applied Cryptography Smart Cards (JavaCard) University of Tartu Spring 2017 1 / 23 Security Model Parties involved in smart card based system: Cardholder Data owner Terminal Card issuer Card
More informationMTAT Applied Cryptography
MTAT.07.017 Applied Cryptography Smart Cards 1 University of Tartu Spring 2015 1 / 27 Magnetic Stripe Card Not a smart card! Three-track stripe: Track 1 holds 79 6-bit plus parity bit characters Track
More informationMTAT Applied Cryptography
MTAT.07.017 Applied Cryptography Block Ciphers (AES) University of Tartu Spring 2017 1 / 17 Block Ciphers Properties: Deterministic Without the key plaintext cannot be found Valid plaintext-ciphertext
More informationChapter 8 Web Security
Chapter 8 Web Security Web security includes three parts: security of server, security of client, and network traffic security between a browser and a server. Security of server and security of client
More informationUNIT - IV Cryptographic Hash Function 31.1
UNIT - IV Cryptographic Hash Function 31.1 31-11 SECURITY SERVICES Network security can provide five services. Four of these services are related to the message exchanged using the network. The fifth service
More informationSecurity of NFC payments
Security of NFC payments Olga Korobova Department of Computer Science University of Massachusetts Amherst Abstract Our research objective was to examine the security features implemented by the bank cards
More informationSMART CARDS. Miguel Monteiro FEUP / DEI
SMART CARDS Miguel Monteiro apm@fe.up.pt FEUP / DEI WHAT IS A SMART CARD Distinguishable characteristics Can participate in automated electronic transactions Used primarily to add security Not easily forged
More informationOnline Banking Security
Online Banking Security Fabian Alenius Uwe Bauknecht May 17, 2009 Contents 1 Introduction 2 2 Secure Communication 2 2.1 Password authentication..................... 2 2.2 One-time Passwords.......................
More informationDERIVED UNIQUE TOKEN PER TRANSACTION
SESSION ID: ASEC-W04 DERIVED UNIQUE TOKEN PER TRANSACTION Jeff Stapleton VP Security Architect Wells Fargo X9F4 workgroup chair Application Security Solution: tokenization technology Substitute sensitive
More informationIntroduction to Electronic Identity Documents
Tutorial Introduction to Electronic Identity Documents Klaus Schmeh cryptovision I'm Klaus Schmeh, Chief Editor Marketing at cryptovision. I have published a number of books. Identity Documents Conventional
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
More informationLecture 9a: Secure Sockets Layer (SSL) March, 2004
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York University artg@cs.nyu.edu Security Achieved by
More informationE-commerce security: SSL/TLS, SET and others. 4.1
E-commerce security: SSL/TLS, SET and others. 4.1 1 Electronic payment systems Purpose: facilitate the safe and secure transfer of monetary value electronically between multiple parties Participating parties:
More informationCOMPGA12 1 TURN OVER
Applied Cryptography, COMPGA12, 2009-10 Answer ALL questions. 2 hours. Marks for each part of each question are indicated in square brackets Calculators are NOT permitted 1. Multiple Choice Questions.
More informationCh 9: Mobile Payments. CNIT 128: Hacking Mobile Devices. Updated
Ch 9: Mobile Payments CNIT 128: Hacking Mobile Devices Updated 4-24-17 Current Generation Scenarios Mobile banking apps NFC-based or barcode-based payment apps used by consumers to purchase goods Premium-rated
More informationPKI BLADE Applet and Protiva PIV DL Card Security Policy
PKI BLADE Applet and Protiva PIV DL Card Security Policy TITLE PKI BLADE Applet and Protiva PIV DL Card - Security Policy REF. TBD 0.9 DATE: 26 April, 2011 1 TABLE OF CONTENTS 1 Scope... 5 2 Introduction...
More informationSETECS OneCARD PIV II Java Card Applet. on Gemalto GemCombi'Xpresso R4 E72K PK card
Tel: (301) 587-3000 Fax: (301) 587-7877 E-mail: info@setecs.com Web: www.setecs.com SETECS OneCARD PIV II Java Card Applet on Gemalto GemCombi'presso R4 E72K PK card (Applet Version 1.2) FIPS 140-2 Security
More informationAPG8205 OTP Generator
APG8205 OTP Generator User Manual V1.00 Subject to change without prior notice Table of Contents 1.0. Introduction... 3 1.1. Supported Card Type... 3 1.2. Supported Language... 3 2.0. APG8205 Illustration...
More informationSystem-Level Failures in Security
System-Level Failures in Security Non linear offset component (ms) 0.0 0.5 1.0 1.5 2.0 Variable skew De noised Non linear offset Temperature 26.4 26.3 26.2 26.1 26.0 25.9 25.8 Temperature ( C) Fri 11:00
More informationVersion 2.3 March 2, WisePad 2 Security Policy
Version 2.3 March 2, 2016 WisePad 2 Security Policy Table of Content 1 Introduction...3 1.1 Purpose and Scope...3 1.2 Audience...3 1.3 Reference...3 1.4 Glossary of Terms and Abbreviations...4 2 General
More informationACOS 3 Contact Card. Functional Specification. Subject to change without prior notice
ACOS 3 Contact Card Functional Specification Subject to change without prior notice Table of Contents 1.0. Introduction... 3 1.1. Features...3 1.2. Technical Specifications...3 1.2.1. Electrical...3 1.2.2.
More informationThere are numerous Python packages for cryptography. The most widespread is maybe pycrypto, which is however unmaintained since 2015, and has
1 There are numerous Python packages for cryptography. The most widespread is maybe pycrypto, which is however unmaintained since 2015, and has unpatched buffer-overflow vulnerabilities. New projects should
More informationExpert 3.2
Giesecke & Devrient Sm@rtCafé Expert 3.2 FIPS 140-2 Non-Proprietary Security Policy Level 3 Validation Version 1.6 December 2011 Copyright 2011 Giesecke & Devrient This document may be freely reproduced
More informationEncryption of cardholder information. Torbjörn Lofterud Cybercom Sweden East AB.
Encryption of cardholder information Cybercom Sweden East AB 8/13/11 1 torbjorn.lofterud@cybercomgroup.com Information security consultant at Cybercom Sweden AB QSA PA-QSA PFI 8/13/11 2 PCI DSS Common
More informationMTAT Applied Cryptography
MTAT.07.017 Applied Cryptography Hash functions and HMAC University of Tartu Spring 2017 1 / 23 Cryptographic hash function A hash function is a function that takes an arbitrary block of data and returns
More information9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng Basic concepts in cryptography systems Secret cryptography Public cryptography 1 2 Encryption/Decryption Cryptanalysis
More informationCryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng 1 Outline Basic concepts in cryptography systems Secret key cryptography Public key cryptography Hash functions 2 Encryption/Decryption
More informationExpert Embedded Security
Giesecke & Devrient Sm@rtCafé Expert Embedded Security FIPS 140-2 Non-Proprietary Security Policy Level 3 Validation Version 0.7 August 2007 Copyright 2007 Giesecke & Devrient This document may be freely
More informationE-commerce security: SSL/TLS, SET and others. 4.2
E-commerce security: SSL/TLS, SET and others. 4.2 1 The need of authenticated payment SSL protects credit card details while they are transmitted through Internet but Why trust the Merchant? Once credit
More informationDigital Certificates Demystified
Digital Certificates Demystified Ross Cooper, CISSP IBM Corporation RACF/PKI Development Poughkeepsie, NY Email: rdc@us.ibm.com August 9 th, 2012 Session 11622 Agenda Cryptography What are Digital Certificates
More informationUsing Cryptography CMSC 414. October 16, 2017
Using Cryptography CMSC 414 October 16, 2017 Digital Certificates Recall: K pub = (n, e) This is an RSA public key How do we know who this is for? Need to bind identity to a public key We can do this using
More informationUsing existing security infrastructures
Using existing security infrastructures Chris Mitchell Royal Holloway, University of London http://www.isg.rhul.ac.uk/~cjm 1 Acknowledgements This is joint work with Chunhua Chen and Shaohua Tang (South
More informationGlenda Whitbeck Global Computing Security Architect Spirit AeroSystems
Glenda Whitbeck Global Computing Security Architect Spirit AeroSystems History 2000 B.C. Egyptian Hieroglyphics Atbash - Hebrew Original alphabet mapped to different letter Type of Substitution Cipher
More informationSlides by Kent Seamons and Tim van der Horst Last Updated: Oct 7, 2013
Digital Signatures Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 7, 2013 Digital Signatures Diagram illustrating how to sign a message Why do we use a one-way hash? How does a collision
More informationFEITIAN Technologies Company, LTD epass Token Hardware Version: FIPS Non-Proprietary Security Policy
FEITIAN Technologies Company, LTD epass Token Hardware Version: 1.0.0 FIPS 140-2 Non-Proprietary Security Policy FIPS Security Level: 3 Document Version: 1.0 Prepared for: Prepared by: FEITIAN Technologies
More informationSIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017
SIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017 WHAT WE DO What we do Robust and Efficient Cryptographic Protocols Research in Cryptography and
More informationSecurity Handshake Pitfalls
Security Handshake Pitfalls Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr 1 Cryptographic Authentication Password authentication is subject to eavesdropping Alternative: Cryptographic challenge-response
More informationSSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1
SSL/TLS & 3D Secure CS 470 Introduction to Applied Cryptography Ali Aydın Selçuk CS470, A.A.Selçuk SSL/TLS & 3DSec 1 SSLv2 Brief History of SSL/TLS Released in 1995 with Netscape 1.1 Key generation algorithm
More informationCryptographic Concepts
Outline Identify the different types of cryptography Learn about current cryptographic methods Chapter #23: Cryptography Understand how cryptography is applied for security Given a scenario, utilize general
More informationBuilding on existing security
Building on existing security infrastructures Chris Mitchell Royal Holloway, University of London http://www.isg.rhul.ac.uk/~cjm 1 Acknowledgements This is joint work with Chunhua Chen and Shaohua Tang
More informationA simple approach of Peer-to-Peer E-Cash system
A simple approach of Peer-to-Peer E-Cash system Mr. Dharamvir, Mr. Rabinarayan Panda Asst. Professor, Dept. of MCA, The Oxford College of Engineering Bangalore, India. Abstract-With the popularization
More informationFINEID - S1 v2.1 Electronic ID Application
FINEID SPECIFICATION 5.12.2011 FINEID - S1 v2.1 Electronic ID Application Application Note 1 Population Register Centre (VRK) Certification Authority Services P.O. Box 70 FIN-00581 Helsinki Finland http://www.fineid.fi
More informationMTAT Applied Cryptography
MTAT.07.017 Applied Cryptography Transport Layer Security (TLS) University of Tartu Spring 2017 1 / 22 Transport Layer Security TLS is cryptographic protocol that provides communication security over the
More information2 nd ETSI Security Workshop: Future Security. Smart Cards. Dr. Klaus Vedder. Chairman ETSI TC SCP Group Senior VP, Giesecke & Devrient
2 nd ETSI Security Workshop: Future Security Smart Cards Dr. Klaus Vedder Chairman ETSI TC SCP Group Senior VP, Giesecke & Devrient ETSI TC SCP, the Smart Card Committee 19 Years of Dedication and Real-life
More informationThe Design of an Anonymous and a Fair Novel E-cash System
International Journal of Information & Computation Technology. ISSN 0974-2239 Volume 2, Number 2 (2012), pp. 103-109 International Research Publications House http://www. ripublication.com The Design of
More informationDynaPro Go. Secure PIN Entry Device PCI PTS POI Security Policy. September Document Number: D REGISTERED TO ISO 9001:2008
DynaPro Go Secure PIN Entry Device PCI PTS POI Security Policy September 2017 Document Number: D998200217-11 REGISTERED TO ISO 9001:2008 MagTek I 1710 Apollo Court I Seal Beach, CA 90740 I Phone: (562)
More informationACOS5-64. Functional Specifications V1.04. Subject to change without prior notice.
ACOS5-64 Functional Specifications V1.04 Subject to change without prior notice Table of Contents 1.0. Introduction... 4 1.1. Card Features... 4 1.2. History of Modifications... 5 2.0. Technical Specifications...
More informationSecurity Policy for Schlumberger Cyberflex Access 32K Smart Card with ActivCard Applets
Security Policy for Schlumberger Cyberflex Access 32K Smart Card with ActivCard Applets TABLE OF CONTENTS 1 SCOPE OF DOCUMENT... 1 2 INTRODUCTION... 1 3 SECURITY LEVELS... 1 3.1 CRYPTOGRAPHIC MODULE SPECIFICATION...
More informationSmart cards are made of plastic, usually polyvinyl chloride. The card may embed a hologram to prevent counterfeiting. Smart cards provide strong
Smart Cards By: Definition Smart cards, chip card, or integrated circuit card (ICC) are card with embedded integrated circuits that contain a computer chip capable of carrying out a cryptographic protocol.
More informationFunctional Specification of the OpenPGP application on ISO Smart Card Operating Systems
Functional Specification of the OpenPGP application on ISO Smart Card Operating Systems Version 1.0 Author: Achim Pietig 2003 PPC Card Systems GmbH September 18, 2003 Author: Achim Pietig PPC Card Systems
More informationOptimised to Fail: Card Readers for Online Banking
Optimised to Fail: Card Readers for Online Banking Saar Drimer Steven J. Murdoch Ross Anderson www.cl.cam.ac.uk/users/{sd410,sjm217,rja14} Computer Laboratory www.torproject.org Financial Cryptography
More informationBreaking Korea Transit Card with Side-Channel Attack
Breaking Korea Transit Card with Side-Channel Attack -Unauthorized Recharging- Black Hat Asia 2017 Tae Won Kim, Tae Hyun Kim, and Seokhie Hong Outline 1. Attack Goal & Scenario 2. Target Device Details
More informationDisplaying SSL Configuration Information and Statistics
CHAPTER 7 Displaying SSL Configuration Information and Statistics This chapter describes the show commands available for displaying CSS SSL configuration information and statistics and an explanation of
More informationSecurity Handshake Pitfalls
Cryptographic Authentication Security Handshake Pitfalls Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr Password authentication is subject to eavesdropping Alternative: Cryptographic challenge-response
More informationDataTraveler 5000 (DT5000) and DataTraveler 6000 (DT6000) Ultimate Security in a USB Flash Drive. Submitted by SPYRUS, Inc.
Submitted by SPYRUS, Inc. Contents DT5000 and DT6000 Technology Overview...2 Why DT5000 and DT6000 Encryption Is Different...3 Why DT5000 and DT6000 Encryption Is Different - Summary...4 XTS-AES Sector-Based
More informationPayPass M/Chip 4. Card Technical Specification
PayPass M/Chip 4 Card Technical Specification Version 1.3.1 - September 2008 Proprietary Rights The information contained in this document is proprietary and confidential to MasterCard International Incorporated,
More informationExpert 3.2
Giesecke & Devrient Sm@rtCafé Expert 3.2 FIPS 140-2 Non-Proprietary Security Policy Level 3 Validation Version 1.5 June 2008 Copyright 2008 Giesecke & Devrient This document may be freely reproduced and
More informationDigipass from bank A works with bank B
M1 Authentication Challenge, then PIN, then response M2 Transaction signature PIN, then challenge*, then response Digipass from bank A works with bank B So... * denotes the zero-or-more regex operator
More informationSKBI Cryptocurrency Technical Seminar Series Seminar 1: Basics: Cryptography and Transactions
SKBI Cryptocurrency Technical Seminar Series Seminar 1: Basics: Cryptography and Transactions Zhiguo Wan Sim Kee Boon Institute for Financial Economics Singapore Management University Schedule of bitcoin
More informationMM23SC8128RM Flash Security Turbo Microcontroller Smart Card Chip With 1024 bit RSA & Maths Co-processor
Flash Security Turbo Microcontroller Smart Card Chip With 1024 bit RSA & Maths Co-processor 08 September 2009 This document is property of My-MS and My-MS has the right to make any changes to the contents
More informationSmart Card Operating Systems Overview and Trends
Smart Card Operating Systems Overview and Trends Pierre.Paradinas@gemplus.com Gemplus Labs Smart card A piece of plastic with a chip that contains: CPU, memories and programs SC is your personal information
More informationClover Flex Security Policy
Clover Flex Security Policy Clover Flex Security Policy 1 Table of Contents Introduction General description Installation Guidance Visual Shielding Device Security Decommissioning Key Management System
More informationKey Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature
Key Management Digital signatures: classical and public key Classic and Public Key exchange 1 Handwritten Signature Used everyday in a letter, on a check, sign a contract A signature on a signed paper
More informationComputer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS
More informationMTAT Applied Cryptography
MTAT.07.017 Applied Cryptography Transport Layer Security (TLS) Advanced Features University of Tartu Spring 2016 1 / 16 Client Server Authenticated TLS ClientHello ServerHello, Certificate, ServerHelloDone
More informationTechnological foundation
Technological foundation Carte à puce et Java Card 2010-2011 Jean-Louis Lanet Jean-louis.lanet@unilim.fr Cryptology Authentication Secure upload Agenda Cryptology Cryptography / Cryptanalysis, Smart Cards
More informationCryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL
Cryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL Transpositional Ciphers-A Review Decryption 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 Encryption 1 2 3 4 5 6 7 8 A G O O D F R I E N D I S A T R E
More information1.264 Lecture 28. Cryptography: Asymmetric keys
1.264 Lecture 28 Cryptography: Asymmetric keys Next class: Anderson chapters 20. Exercise due before class (Reading doesn t cover same topics as lecture) 1 Asymmetric or public key encryption Receiver
More informationOverview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.
Overview of SSL/TLS Luke Anderson luke@lukeanderson.com.au 12 th May 2017 University Of Sydney Overview 1. Introduction 1.1 Raw HTTP 1.2 Introducing SSL/TLS 2. Certificates 3. Attacks Introduction Raw
More informationThe Cryptographic Sensor
The Cryptographic Sensor Libor Dostálek and Václav Novák {libor.dostalek, vaclav.novak}@prf.jcu.cz Faculty of Science University of South Bohemia České Budějovice Abstract The aim is to find an effective
More informationIDCore. Flexible, Trusted Open Platform. financial services & retail. Government. telecommunications. transport. Alexandra Miller
IDCore Flexible, Trusted Open Platform financial services & retail enterprise > SOLUTION Government telecommunications transport Trusted Open Platform Java Card Alexandra Miller >network identity >smart
More informationKurose & Ross, Chapters (5 th ed.)
Kurose & Ross, Chapters 8.2-8.3 (5 th ed.) Slides adapted from: J. Kurose & K. Ross \ Computer Networking: A Top Down Approach (5 th ed.) Addison-Wesley, April 2009. Copyright 1996-2010, J.F Kurose and
More informationPast & Future Issues in Smartcard Industry
Past & Future Issues in Smartcard Industry Ecrypt 2 Summer School Guillaume Dabosville Oberthur Technologies Oberthur Technologies the group its divisions payment, mobile, transport and digital TV markets
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 11 Basic Cryptography Objectives Define cryptography Describe hashing List the basic symmetric cryptographic algorithms 2 Objectives
More informationCS 161 Computer Security
Popa & Wagner Spring 2016 CS 161 Computer Security Midterm 2 Print your name:, (last) (first) I am aware of the Berkeley Campus Code of Student Conduct and acknowledge that academic misconduct will be
More informationFINEID - S1 Electronic ID Application
FINEID SPECIFICATION 25.01.2018 FINEID - S1 Electronic ID Application v3.0 Population Register Centre (VRK) Certification Authority Services P.O. Box 123 FIN-00531 Helsinki Finland http://www.fineid.fi
More informationRemote Key Loading Spread security. Unlock efficiency
Remote Key Loading Spread security. Unlock efficiency Cut costs increase security A smarter way to do business The hacker community is growing increasingly sophisticated which means the financial community
More informationUsing the Estonian Electronic Identity Card for Authentication to a Machine
Using the Estonian Electronic Identity Card for Authentication to a Machine Danielle Morgan 1 Arnis Parsovs 2,3 1 Tallinn University of Technology, Tallinn, Estonia 2 Software Technology and Applications
More informationAsymmetric Cryptography. kprv. kpub. used in digital signature
Digital Signature logical representation: Asymmetric Cryptography plaintext plaintext kpub E kpub () kprv E kprv () ciphertext ciphertext kprv E -1 kprv () kpub E -1 kpub () used in digital envelope plaintext
More informationAdversary Models. CPEN 442 Introduction to Computer Security. Konstantin Beznosov
Adversary Models CPEN 442 Introduction to Computer Security Konstantin Beznosov why we need adversary models? attacks and countermeasures are meaningless without 2 elements of an adversary model objectives
More informationARX (Algorithmic Research) PrivateServer Hardware version 4.7 Firmware version 4.8.1
ARX (Algorithmic Research) PrivateServer Hardware version 4.7 Firmware version 4.8.1 FIPS 140-2 Non-Proprietary Security Policy Level 3 Validation April 2012 Copyright 2012 Algorithmic Research This document
More informationPUBLIC USER SPECIFICATION BELPIC APPLICATION V2.0
This document is preliminary and is subject to change without prior notice. As this version of the application is in final phase of the development, the current document could continue to evolve until
More informationUnderstand the TLS handshake Understand client/server authentication in TLS. Understand session resumption Understand the limitations of TLS
Last Updated: Oct 31, 2017 Understand the TLS handshake Understand client/server authentication in TLS RSA key exchange DHE key exchange Explain certificate ownership proofs in detail What cryptographic
More informationFIPS Security Policy
Version 1.8 Last Update: 09/4/2014 1 WideBand Corporation 401 West Grand Street, Gallatin, MO 64640, USA 1 The actual module is a single chip within the depicted package WideBand Corporation, 2014 and
More information1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class
1.264 Lecture 27 Security protocols Symmetric cryptography Next class: Anderson chapter 10. Exercise due after class 1 Exercise: hotel keys What is the protocol? What attacks are possible? Copy Cut and
More informationEncryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls
Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls Overview Cryptography functions Secret key (e.g., DES) Public key (e.g., RSA) Message
More information6.857 L17. Secure Processors. Srini Devadas
6.857 L17 Secure Processors Srini Devadas 1 Distributed Computation Example: Distributed Computation on the Internet (SETI@home, etc.) Job Dispatcher Internet DistComp() { x = Receive(); result = Func(x);
More informationSEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security
SEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security Consider 2. Based on DNS, identified the IP address of www.cuhk.edu.hk is 137.189.11.73. 1. Go to http://www.cuhk.edu.hk 3. Forward the
More informationMTAT Applied Cryptography
MTAT.07.017 Applied Cryptography Rakenduslik krüptograafia Прикладная криптография Juri Hudolejev University of Tartu Spring 2011 { Practical course theory is clear already Using existing tools, libraries
More informationChapter 8. Network Security. Cryptography. Need for Security. An Introduction to Cryptography 10/7/2010
Cryptography Chapter 8 Network Security Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security An Introduction
More informationCSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography
CSCI 454/554 Computer and Network Security Topic 5.2 Public Key Cryptography Outline 1. Introduction 2. RSA 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard 2 Introduction Public Key Cryptography
More informationSecurity Requirements for Crypto Devices
Security Requirements for Crypto Devices Version 1.0 02 May 2018 Controller of Certifying Authorities Ministry of Electronics and Information Technology 1 Document Control Document Name Security Requirements
More informationOutline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 4 Department of Electrical and Computer Engineering Cleveland State University wenbing@ieee.org Outline Review
More information06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security
1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security Dr. L. Christofi 1 0. Overview As the knowledge of computer networking and protocols has become more widespread, so the threat of
More informationNIST Cryptographic Toolkit
Cryptographic Toolkit Elaine Barker ebarker@nist.gov National InformationSystem Security Conference October 16, 2000 Toolkit Purpose The Cryptographic Toolkit will provide Federal agencies, and others
More informationPractical Aspects of Modern Cryptography
Practical Aspects of Modern Cryptography Lecture 3: Symmetric s and Hash Functions Josh Benaloh & Brian LaMacchia Meet Alice and Bob Alice Bob Message Modern Symmetric s Setup: Alice wants to send a private
More informationCryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III
Cryptography III Public-Key Cryptography Digital Signatures 2/1/18 Cryptography III 1 Public Key Cryptography 2/1/18 Cryptography III 2 Key pair Public key: shared with everyone Secret key: kept secret,
More informationח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms
Public Key Cryptography Kurose & Ross, Chapters 8.28.3 (5 th ed.) Slides adapted from: J. Kurose & K. Ross \ Computer Networking: A Top Down Approach (5 th ed.) AddisonWesley, April 2009. Copyright 19962010,
More information